Connect-MsolService
$allUsers = Get-MsolUser -MaxResults 100000
$usersWithSmsOrPhoneMfa = @()
foreach ($user in $allUsers) {
    foreach ($method in $user.StrongAuthenticationMethods) {
        if (($method.MethodType -eq 'OneWaySMS') -or ($method.MethodType -eq 'PhoneAppNotification')) {
            if ($method.IsDefault) { $usersWithSmsOrPhoneMfa += $user }
        }
    }
}

$currentSettings = Get-WmiObject -Class Lenovo_BiosSetting -Namespace root\wmi -Filter 'CurrentSetting != ""' | Select-Object -ExpandProperty CurrentSetting | Sort-Object
$allSettings = @()
foreach ($setting in $currentSettings) {
    # Check if Lenovo_GetBiosSelections exists. If not, we're running on a newer system that returns the possible values
    # as part of the current setting value
    $legacyMethodExists = Get-CimClass Lenovo_GetBiosSelections -Namespace root\wmi -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
    if ($legacyMethodExists) {

Function Create-X500ProxyAddressFromLegacyExchangeDN($Address) {
    # As per https://support.microsoft.com/en-au/help/2807779/imceaex-non-delivery-report-when-you-send-email-messages-to-an-interna
    $Address = $Address.Replace('_','/')       # Replace any underscore character (_) with a slash character (/)
    $Address = $Address.Replace('+20',' ')     # Replace "+20" with a blank space
    $Address = $Address.Replace('+28','(')     # Replace "+28" with an opening parenthesis character
    $Address = $Address.Replace('+29',')')     # Replace "+29" with a closing parenthesis character
    $Address = $Address.Replace('IMCEAEX-','') # Delete the "IMCEAEX-" string
    $Address = $Address.Split('@')[0]          # Delete the "@mgd.domain.com" string
    $Address = "X500:$Address"                 # Add "X500:" at the beginning
    $Address
}

<?xml version="1.0" encoding="utf-8"?>
<IniFiles clsid="{694C651A-08F2-47fa-A427-34C4F62BA207}"><Ini clsid="{EEFACE84-D3D8-4680-8D4B-BF103E759448}" name="AppDataDir" status="AppDataDir" image="2" bypassErrors="1" changed="2017-11-23 00:56:06" uid="{95D41DAD-AA68-4FD5-83EE-F99F154CF748}"><Properties path="%TempDir%\gpp-variables.ini" section="GPPVariables-Computer" value="%AppDataDir%" property="AppDataDir" action="U"/><Filters></Filters></Ini>
<Ini clsid="{EEFACE84-D3D8-4680-8D4B-BF103E759448}" name="BinaryComputerSid" status="BinaryComputerSid" image="2" bypassErrors="1" changed="2017-11-23 00:56:10" uid="{609ED203-3CBF-4556-8028-F134B1EEF95D}"><Properties path="%TempDir%\gpp-variables.ini" section="GPPVariables-Computer" value="%BinaryComputerSid%" property="BinaryComputerSid" action="U"/><Filters></Filters></Ini>
<Ini clsid="{EEFACE84-D3D8-4680-8D4B-BF103E759448}" name="BinaryUserSid" status="BinaryUserSid" image="2" bypassErrors="1" changed="2017-11-23 00:56:15" uid="{A822EFE8-33E6-4E66-8D13-F194EE50E5A

#Requires -Version 5 -Module NetSecurity -RunAsAdministrator
<#
.SYNOPSIS
    Create-MitigationFirewallRules - Creates Windows Firewall rules to mitigate certain app whitelisting bypasses and to prevent command interpreters from accessing the Internet
.DESCRIPTION
    A script to automatically generate Windows Firewall with Advanced Security outbound rules
    to prevent malware from being able to dial home.
    These programs will only be allowed to communicate to IP addresses within the private IPv4 RFC1918 ranges:

<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Date>2017-10-20T11:25:53.3600985</Date>
    <Author>danielstreefkerk</Author>
    <Description>This event enables all NICs when the workstation unlock event (4801) is detected in the security log.
It won't work without Success auditing of Other Logon/Logoff events being enabled.</Description>
    <URI>\Enable NIC(s) upon Workstation Unlock</URI>
  </RegistrationInfo>

<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Date>2017-10-20T11:25:53.3600985</Date>
    <Author>danielstreefkerk</Author>
    <Description>This event disables all NICs when the workstation lock event (4800) is detected in the security log.
It won't work without Success auditing of Other Logon/Logoff events being enabled.</Description>
    <URI>\Disable NIC(s) upon Workstation Lock</URI>
  </RegistrationInfo>

<!--#include file="Constants.asp"-->
<%
' VERSION 1.0.0
' Simple SSO based on Classic ASP hosted on IIS.
'----------------------------------------------------------------
' VERSION 1.0.1
' Debugging information added.
'----------------------------------------------------------------
' VERSION 1.0.2
' Pass through functionality added.

Function Get-AppLockerLogs {
    $filter = '
    <QueryList>
      <Query Id="0" Path="ForwardedEvents">
        <Select Path="ForwardedEvents">*[System[Provider[@Name="Microsoft-Windows-AppLocker"] and (Level=2 or Level=3)]]</Select>
      </Query>
    </QueryList>
    '
    $data = Get-WinEvent -FilterXml $filter -Oldest

# Jobs older than the below time will be deleted
$thresholdTime = (Get-Date).AddDays(-1)
# Get all current print jobs
$printJobs = Get-WmiObject Win32_PrintJob
ForEach ($printJob in $printJobs) {
    # Convert the weird WMI time to a proper .NET DateTime object
    $jobTime = [System.Management.ManagementDateTimeConverter]::ToDateTime($printJob.TimeSubmitted)